The breach notification requirements in the NY SHIELD Act went into effect on October 23, 2019, and the data security requirements will take effect on March 21, 2020. NY health care and human services providers and other entities that maintain electronic information on NY residents are reminded that they should review and update their current breach notification policies to ensure compliance under HIPAA and the SHIELD Act. Under the new law, any HIPAA-covered entities required to provide notification of a breach, including a breach of information that is not “private information,” to the secretary of the Health and Human Services Office of Civil Rights (HHS-OCR) pursuant to HIPAA must also notify the state Attorney General within five business days of notifying the HHS-OCR.
You can find more information in our previous legal alert.
If you have any questions regarding the content of this alert, please contact Bridget Steele, associate, at bsteele@barclaydamon.com or another member of the firm’s health care or health and human services providers teams.